Digital Law Up(to)date: GDPR, eID and customer loyalty card before the Supreme Court

The Belgian Supreme Court has annulled a judgment of the Markets Court of 19 February 2020 (only available in Dutch), which itself challenged a decision of the Belgian Data Protection Authority (DPA) of 17 September 2019 (only available in Dutch). Initially, a customer complained that a retailer had to read his eID card to obtain a loyalty card. The customer refused and filed a complaint against this practice with the DPA. 

There are two interesting points in this judgment of 7 October 2021 (only available in Dutch):

1. The Supreme Court accepts that the DPA can establish infringements on the basis of a complaint by a person whose data has not been processed. In this case, refusing to provide one's eID card results in not being able to benefit from a loyalty card.
2. The Supreme Court also considers that such a practice of reading the eID card to obtain a loyalty card, without any other alternative, does not allow the data subject to be considered to have giving a free consent. It considers that the Markets Court did not reason correctly in distinguishing between a disadvantage and the loss of a possible additional benefit, the former not allowing consent to be considered free while the latter does. Unfortunately, the Supreme Court does not give any guidance to facilitate the assessment of the free nature of consent.

This article was co-authored by Edouard Cruysmans in his capacity of Professional Support Lawyer at Stibbe.